Version 4.0 of the open source Kubernetes security platform Kubescape has been released, bringing runtime threat detection and a new set of AI-era security features. This is the first time the project has targeted the security of AI agents themselves, alongside its established scanning capabilities.
The announcement, published on the CNCF blog during KubeCon + CloudNativeCon Europe 2026 and written by Ben Hirschberg, Kubescape Core Maintainer, explains that the headline change in 4.0 is the move of Runtime Threat Detection and Kubescape Storage to general availability.
Kubescape is an open-source Kubernetes security platform, maintained as a CNCF incubating project. It scans clusters, Helm charts, YAML manifests, and CI/CD pipelines for misconfigurations, vulnerabilities, and RBAC violations. It has runtime threat detection, which learns normal workload behaviour and alerts on deviations, cutting CVE noise by over 95%. Native integrations with tools such as VSCode and GitHub Actions allow teams to embed security checks early in the development process without disrupting their workflows.

The Runtime Threat Detection engine relies on detection rules (based on the Common Expression Language) that work directly against Kubescape's Application Profiles. The engine monitors processes, Linux capabilities, system calls, network and HTTP events, and file system activity. Rules and RuleBindings are now managed as Kubernetes CRDs, and alerts can be forwarded to AlertManager, SIEM tools, Syslog, Stdout, or HTTP webhooks. Hirschberg writes that this engine has been rigorously tested and has proved stable at scale.
Kubescape Storage has also reached GA in this release. It uses the Kubernetes Aggregated API to store security metadata such as Application Profiles, SBOMs, and vulnerability manifests in a dedicated layer, keeping that data out of the standard etcd instance. Amir Malka, who is welcomed as a new maintainer in this release, presented the underlying approach at KubeCon + CloudNativeCon North America 2025.
"This architecture has been proven to handle the demands of large-scale, high-density clusters, providing the performance required for modern enterprise environments."
- Ben Hirschberg
The release also removes the host-sensor, a "pop-up" DaemonSet previously used for node scanning. Kubescape's community had flagged the approach as intrusive and difficult to audit from a security standpoint. The host-agent has been similarly retired, with its capabilities folded into the node-agent via a direct API between the core Kubescape microservices. The result is a single agent per node, which Hirschberg argues makes the security posture "both more stable and easier to audit."
The AI-related additions head in two directions, which Hirschberg describes as "the two sides of the AI security coin." The first is a KAgent-native plug-in that allows AI assistants to query Kubernetes security posture from within a cluster. Through this plug-in, an agent can inspect vulnerability manifests, review configuration scans for RBAC issues, find guidance on fixing problems, and look at container behaviour at runtime using ApplicationProfiles and NetworkNeighborhoods. The second element is security scanning specifically for KAgent itself, the CNCF Sandbox project for AI orchestration. KAgent was accepted into the CNCF Sandbox in May 2025 as an open-source framework for building Kubernetes-native AI agents, with an architecture based on the Model Context Protocol. Because KAgent establishes pathways between AI models and enterprise infrastructure, the Kubescape team argues that its configuration needs the same level of scrutiny as any other workload.
"We need robust security guardrails to stop agents from exploiting them for high-risk actions like unauthorized access or deleting production data."
- Ben Hirschberg
Kubescape 4.0 introduces 15 controls based on OPA's Rego language, covering 42 security-critical configuration points in KAgent's CRDs. These controls check for errors such as empty security contexts in default deployments, missing NetworkPolicies, and over-privileged controller-wide namespace watching. This approach builds on Kubescape's existing Rego-based framework, which already supports compliance standards including the NSA-CISA and MITRE ATT&CK frameworks. The 4.0 release adds support for CIS Benchmark versions 1.12 for vanilla Kubernetes and 1.8 for EKS and AKS.
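Two of the checks named above, empty security contexts and missing NetworkPolicies, written out in Python over plain Kubernetes manifests. This is an added example, not Kubescape's Rego controls or KAgent's CRD schema; the function names, finding labels and sample manifests are constructed for illustration.

```python
# Added illustration: standard Deployment/NetworkPolicy fields only.
def _empty(ctx):
    """An absent or {} securityContext applies no hardening at all."""
    return not ctx

def check_manifests(manifests):
    """Return sorted (namespace, name, finding) tuples."""
    policed, workloads, findings = set(), [], []
    for m in manifests:
        ns = m.get("metadata", {}).get("namespace", "default")
        if m.get("kind") == "NetworkPolicy":
            policed.add(ns)
        elif m.get("kind") == "Deployment":
            workloads.append((ns, m))
    for ns, dep in workloads:
        name = dep["metadata"]["name"]
        pod = dep.get("spec", {}).get("template", {}).get("spec", {})
        pod_ctx_empty = _empty(pod.get("securityContext"))
        for c in pod.get("containers", []):
            # Flag a container only when neither level sets anything.
            if pod_ctx_empty and _empty(c.get("securityContext")):
                findings.append((ns, name, f"empty-security-context:{c['name']}"))
        # Simplification: any policy in the namespace counts as coverage;
        # a stricter check would match podSelector against pod labels.
        if ns not in policed:
            findings.append((ns, name, "no-network-policy-in-namespace"))
    return sorted(findings)

def _deployment(ns, name, container, pod_ctx=None, ctr_ctx=None):
    """Build a minimal constructed Deployment manifest."""
    ctr = {"name": container, "image": "example.invalid/img:1"}
    if ctr_ctx is not None:
        ctr["securityContext"] = ctr_ctx
    spec = {"containers": [ctr]}
    if pod_ctx is not None:
        spec["securityContext"] = pod_ctx
    return {"kind": "Deployment", "metadata": {"namespace": ns, "name": name},
            "spec": {"template": {"spec": spec}}}

# Constructed sample input (hypothetical names).
SAMPLE = [
    _deployment("agents", "agent-controller", "controller", pod_ctx={}),
    _deployment("agents", "agent-ui", "ui",
                ctr_ctx={"runAsNonRoot": True, "allowPrivilegeEscalation": False}),
    {"kind": "NetworkPolicy", "metadata": {"namespace": "agents", "name": "default-deny"}},
    _deployment("tools", "tool-server", "server", pod_ctx={"runAsNonRoot": True}),
]

if __name__ == "__main__":
    for finding in check_manifests(SAMPLE):
        print(finding)
```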
Many of the new features in Kubescape 4.0 are a reaction to the growing adoption of agentic AI in Kubernetes environments. Shakudo's documentation on deploying production-grade AI agents on Kubernetes notes that kagent offers "tools, resources, and AI agents that help automate configuration, troubleshooting, observability, and network security." As these agents gain more autonomy and deeper access to infrastructure, the attack surface they represent becomes a practical concern rather than a theoretical one. A LinkedIn post from Craine.io on KAgent's CNCF sandbox graduation observed that "AI workload orchestration isn't just about containers anymore. It's about building resilient, scalable intelligence infrastructure."
The Kubescape 4.0 release is one of the first systematic attempts to apply cloud native security tooling to the agents themselves, rather than only to the workloads they manage.
Kubescape was accepted as a CNCF Incubating project in January 2025, having entered the CNCF Sandbox in 2022. The project is maintained by ARMO and accepts contributions from the wider community.